白名单域认证Laravel

本文介绍了白名单域认证Laravel的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在寻找仅允许某些域访问我的laravel应用程序的最佳方法.我当前正在使用Laravel 5.1，并且如果引荐域不在白名单域中，则正在使用中间件进行重定向.

I'm looking for the best way to only allow certain domains to access my laravel application. I'm currently using Laravel 5.1 and am using a Middleware to redirect if the referring domain isn't located in the whitelisted domains.

class Whitelist { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { //requesting URL $referer = Request::server('HTTP_REFERER'); //parse url to match base in table $host = parse_url($referer, PHP_URL_HOST); $host = str_replace("www.", "", $host); //Cached query to whitelisted domains - 1400 = 24 hours $whiteList = Cache::remember('whitelist_domains', 1400, function(){ $query = WhiteListDomains::lists('domain')->all(); return $query; }); //Check that referring domain is whitelisted or itself? if(in_array($host, $whiteList)){ return $next($request); }else{ header('HTTP/1.0 403 Forbidden'); die('You are not allowed to access this file.'); } } }

是否有更好的方法来做到这一点，或者我走在正确的轨道上?

Is there a better way to go about doing this, or am I on the right track?

任何帮助将不胜感激.

谢谢.

推荐答案

您步入正轨，实现起来似乎还不错.

You're on the right track, the implementation seems to be fine.

但是，不要相信HTTP_REFERER作为身份验证/标识的方式，因为它很容易修改.

However, do not trust the HTTP_REFERER as a means of authentication/identification as it can be modified easily.